Cloudfoundry: >> Garden-Runc >> 1.0.3 Security Vulnerabilities
Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps.
CVSS Score
6.8
EPSS Score
0.003
Published
2018-09-18
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-04-30